Adding Servers to the Load Balancing Group – Riverstone Networks WICT1-12 User Manual

Page 501


Riverstone Networks RS Switch Router User Guide Release 8.0 22-3

Web Hosting Configuration

Load Balancing

There are several configurable levels of session persistence:

TCP persistence: a binding is determined by matching the source IP/port address as well as the
virtual destination IP/port address. For example, requests from the client address of
134.141.176.10:1024 to the virtual destination address 207.135.89.16:80 are considered one session
and would be directed to the same load balancing server (for example, the server with IP address
10.1.1.1). A request from a different source socket at the same client address to the same virtual
destination address would be considered another session and may be directed to a different load
balancing server (for example, the server with IP address 10.1.1.2). This is the default level of
session persistence.

SSL persistence: a binding is determined by matching the source IP address and the virtual
destination IP/port address. Note that requests from any source socket with the client IP address are
considered part of the same session. For example, requests from the client IP address of
134.141.176.10:1024 or 134.141.176.10:1025 to the virtual destination address 207.135.89.16:80
would be considered one session and would be directed to the same load balancing server (for
example, the server with IP address 10.1.1.1).

Sticky persistence: a binding is determined by matching the source and destination IP addresses
only. This allows all requests from a client to the same virtual address to be directed to the same load
balancing server. For example, both HTTP and HTTPS requests from the client address
134.141.176.10 to the virtual destination address 207.135.89.16 would be directed to the same load
balancing server (for example, the server with IP address 10.1.1.1).

Virtual private network (VPN) persistence: for VPN traffic using Encapsulating Security Payload
(ESP) mode of IPSec, a binding is determined by matching the source and destination IP addresses
in the secure key transfer request to subsequent client requests. This allows both the secure key
transfer and subsequent data traffic from a particular client to be directed to the same load balancing
server. The default port number recognized by the RS for secure key transfer in VPN is 500; you can
use the load-balance set vpn-dest-port command to specify a different port number.

IP persistence: Used for L3 persistence of load balancing sessions. Note that for IP persistence, there
can be only one virtual IP address associated with one load balancing group. In addition, a load
balancing server may belong to one IP group only.

The RS also supports netmask persistence, which can be used with any of the five levels of session persistence. A
netmask (configured with the load-balance set client-proxy-subnet command) is applied to the source IP
address and this address is compared to the list of bindings: if a binding exists, the packet is sent to the same load
balancing server previously selected for this client; if there is not a match, a new binding is created.

This feature allows a range of source IP addresses (with different port numbers) to be sent to the same load balancing
server. This is useful where client requests may go through a proxy that uses Network Address Translation or Port
Address Translation or multiple proxy servers. During a session, the source IP address can change to one of several
sequential addresses in the translation pool; the netmask allows client requests to be sent to the same server.
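The binding keys described above can be modeled in a few lines. This is an added example, not Riverstone code or the RS implementation: the names binding_key, Balancer and make_flow are hypothetical, round-robin selection for new bindings is an assumption, and the 134.141.176.11 flow is constructed to stand in for a second address in a translation pool.

```python
import ipaddress

# Flow fields matched at each level, per the text (VPN and IP persistence not modeled).
LEVEL_FIELDS = {
    "tcp":    ("src_ip", "src_port", "dst_ip", "dst_port"),
    "ssl":    ("src_ip", "dst_ip", "dst_port"),
    "sticky": ("src_ip", "dst_ip"),
}

def binding_key(flow, level, client_netmask=None):
    """Return the tuple a flow is matched on for the given persistence level."""
    flow = dict(flow)
    if client_netmask is not None:
        # Netmask persistence: mask the source address before the binding lookup.
        net = ipaddress.ip_network(f"{flow['src_ip']}/{client_netmask}", strict=False)
        flow["src_ip"] = str(net.network_address)
    return tuple(flow[f] for f in LEVEL_FIELDS[level])

class Balancer:
    """Toy model: existing bindings are reused, new ones get the next server."""
    def __init__(self, servers, level, client_netmask=None):
        self.servers, self.level, self.mask = servers, level, client_netmask
        self.bindings = {}

    def select(self, flow):
        key = binding_key(flow, self.level, self.mask)
        if key not in self.bindings:
            # Assumption: round-robin policy; the RS selection policy is configurable.
            self.bindings[key] = self.servers[len(self.bindings) % len(self.servers)]
        return self.bindings[key]

def make_flow(src_ip, src_port, dst_port=80, dst_ip="207.135.89.16"):
    return {"src_ip": src_ip, "src_port": src_port, "dst_ip": dst_ip, "dst_port": dst_port}

def demo():
    servers = ["10.1.1.1", "10.1.1.2"]
    a, b = make_flow("134.141.176.10", 1024), make_flow("134.141.176.10", 1025)
    https = make_flow("134.141.176.10", 1026, dst_port=443)
    proxied = make_flow("134.141.176.11", 2000)  # constructed: next NAT pool address
    out = {}
    for level in LEVEL_FIELDS:
        lb = Balancer(servers, level)
        out[level] = [lb.select(f) for f in (a, b, https)]
    nm = Balancer(servers, "ssl", client_netmask="255.255.255.0")
    out["ssl+netmask"] = [nm.select(a), nm.select(proxied)]
    return out

if __name__ == "__main__":
    print(demo())
```

Each list shows the server chosen for the flows in order: two HTTP connections from different source ports, then an HTTPS connection, from the same client.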

The following example configures the load balancing group “abccompany-www” with a persistence level of SSL:

rs(config)# load-balance create group-name abccompany-www virtual-ip 207.135.89.16 virtual-port 80 protocol tcp persistence-level ssl

22.1.2 Adding Servers to the Load Balancing Group

Once a logical server group is created, you specify the servers that can handle client requests. When the RS receives a
client request directed to the virtual server address, it redirects the request to an actual server address and port. Server
selection is done according to the specified policy.
